Enterprise-grade security for your backups
Cloud-PBS is designed with a zero-knowledge architecture. Your backup data is encrypted before it leaves your infrastructure, and we never hold your encryption keys.
Client-side encryption
Proxmox Backup Server supports native client-side encryption using AES-256-GCM. When you enable encryption, your data is encrypted on your Proxmox VE server before being sent to Cloud-PBS. The encryption key is generated and stored locally on your server; it never leaves your premises.
This means that even if someone gains access to your Cloud-PBS instance, they cannot read your backup data without your encryption key. This is true even for our own team; we operate on a zero-knowledge basis.
Protection against internal threats
One of the biggest risks to data safety comes from within: accidental deletion, disgruntled employees, or compromised admin accounts. By keeping your backups off-site with Cloud-PBS, you create a separation between your production infrastructure and your backup data.
Even if an attacker gains full control of your local Proxmox environment, your Cloud-PBS backups remain intact and recoverable.
Redundant storage architecture
Your backup data is stored on reliable, redundant storage infrastructure. To further protect your data, you can enable multi-site replication, ensuring your backups remain available even in the event of a site failure.
Secure data transfer
All communication between your Proxmox VE servers and your Cloud-PBS instance is encrypted in transit using TLS. Combined with client-side encryption, your data is protected both in transit and at rest.
Start your backups in under 5 minutes
Create your account, connect your Proxmox host, and let Cloud-PBS handle the rest. 7-day free trial included.